New changelog entries:
[Scott Kitterman]
* Correct Debian's smtp (8) man page name in d/p/debian-man-name.diff for
lmtp. Closes: #920356
* Fix d/init.d running change so it works with multi-instance again
- Thanks to <email address hidden> for the fix. Closes: #944922
* Bump standards-version to 4.5.0 without further change
* Switch from debian/compat to debhelper-compat and bump compat to 12
- Update debian/rules to use dh_installsystemd instead of dh_systemd_enable and dh_systemd_start
- Update debian/rules for new example install path
[Wietse Venema]
* 3.4.9
New changelog entries:
[Scott Kitterman]
* Stop generating obsolete Upstream substvar
* Bump standards-version to 4.4.1 without further change
* Use -l instead of LD_LIBRARY_PATH for dh_shlibdeps
* Check GPG signature when downloading new versions via uscan
[Wietse Venema]
* 3.4.8
New changelog entries:
[Andreas Hasenack]
* Update autopkgtest to use python3. Closes: #943212 LP: #1845334
[Scott Kitterman]
* Update smtp_tls_CApath to /etc/ssl/certs so it actually works.
Closes: #923083
* Refactor running status detection in sysv init based on upstream
postfix-script so it works in docker. Closes: #941293
New changelog entries:
[Andreas Hasenack]
* * d/p/80_glibc2.30-ftbfs.diff: fix build with glibc 2.30 (LP: #1842923)
[Scott Kitterman]
* Refresh patches
* Modernize default TLS setup:
- Drop addition of smtpd_tls_session_cache_database to TLS parameters (no
longer needed since TLS session tickets are used now). Closes: #934803
- Replace use of obsolescent smtpd_use_tls=yes with
smtpd_tls_security_level=may in default TLS setting. Closes: #520936
- Add smtp_tls_security_level=may to default TLS settings so that both
client and server TLS are now enabled be default for new installations.
Closes: #163144
- Stop copying smtp_tls_CAfile into chroot, not needed per postfix docs
- Also copy smtpd_tls_CApath files into chroot. Closes: #579248
- Add smtp_tls_CApath using /usr/share/ca-certificates/ to default TLS
configuration so postfix smtp client can use the system certificate
store to verify smtp server certificates, add ca-certificates to postfix
Recommends. Closes: #923083
* Bump standards version to 4.4.0 without further change
* Fix spelling errors in Debian provided man pages
[Christian Göttsche]
* Fix debian/rules so build flags are applied Closes: #879668
[Wietse Venema]
* 3.4.6
* 3.4.7
New changelog entries:
[Wietse Venema]
* 3.4.5
- With message_size_limit=0 (which is NOT DOCUMENTED), BDAT
chunks were always rejected as too large. File: smtpd/smtpd.c
- Bugfix (introduced: Postfix 3.0): LMTP connections over
UNIX-domain sockets were cached but not reused, due to a
cache lookup key mismatch. Therefore, idle cached connections
could exhaust LMTP server resources, resulting in two-second
pauses between email deliveries. This problem was investigated
by Juliana Rodrigueiro. File: smtp/smtp_connect.c.
New changelog entries:
[Wietse Venema]
* 3.4.2
- Bugfix (introduced: 20181226): broken DANE trust anchor
file support, caused by left-over debris from the 20181226
TLS library overhaul. Scott Kitterman. File: tls/tls_dane.c.
Closes: #924183
- Bugfix (introduced: Postfix-1.0.1): null pointer read, while
logging a warning after a corrupted bounce log file. File:
global/bounce_log.c.
- Bugfix (introduced: Postfix-2.9.0): null pointer read, while
logging a warning after a postscreen_command_filter read
error. File: postscreen/postscreen_smtpd.c. global/bounce_log.c
* 3.4.3
- Bitrot: LINUX5s support, after some sanity checks with a
rawhide prerelease version. Files: makedefs, util/sys_defs.h.
Closes: #922477
* 3.4.4
- Bugfix (introduced: Postfix 2.2): reject_multi_recipient_bounce
has been producing false rejects starting with the Postfix
2.2 smtpd_end_of_data_restrictons, and for the same reasons,
does the same with the Postfix 3.4 BDAT command. The latter
was reported by Andreas Schulze. File: smtpd/smtpd_check.c.
Closes: #925082